Australian website waits 3 years to inform customers of data breach

Scorpus


If you want a good idea of exactly what not to do in informing customers of a data breach involving your website, follow the lead set by Australian website Catch of the Day.

Catch of the Day, an Australian retail website offering discounted prices and deals on a range of products, suffered a severe security breach in early 2011. Names of customers, plus their delivery addresses, email addresses and encrypted passwords were compromised, alongside credit card information in some circumstances.

Astonishingly, it took Catch of the Day three years to inform their customers of the security breach. An email sent out to users on Friday evening local time suggested that anyone who registered an account before May 7, 2011 should change their passwords, as "technological advances" have led to an increased risk of the encrypted passwords being uncovered.
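The "technological advances" line is the part a practitioner should take seriously: a password hash that was adequate in 2011 (a fast, unsalted digest) can be brute-forced far more cheaply a few years later, and a stored hash cannot be re-strengthened without the user's password, which is exactly why customers must be told to log in and change it. The example below is added here to illustrate that; it is not Catch of the Day's code, and the legacy scheme (unsalted SHA-1, labelled `sha1$`) and the upgrade target (salted PBKDF2-HMAC-SHA256, labelled `pbkdf2_sha256$`) are assumptions for illustration. The `login` helper verifies against whichever scheme a record uses and transparently rehashes it on a successful login, so a site can retire weak hashes as users return.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Record formats are constructed for this example, not taken from any real site.
LEGACY_PREFIX = "sha1$"               # assumed pre-2011 scheme: unsalted SHA-1
MODERN_PREFIX = "pbkdf2_sha256$"      # upgrade target: salted PBKDF2-HMAC-SHA256
PBKDF2_ITERATIONS = 600_000           # current work factor; raise it as hardware gets faster


def legacy_hash(password: str) -> str:
    """Unsalted fast digest: cheap to brute-force, identical for identical passwords."""
    return LEGACY_PREFIX + hashlib.sha1(password.encode()).hexdigest()


def modern_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash. The iteration count is stored so it can be raised later."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{MODERN_PREFIX}{iterations}${salt.hex()}${dk.hex()}"


def verify(stored: str, password: str) -> bool:
    """Check a password against a record in either format, in constant time."""
    if stored.startswith(LEGACY_PREFIX):
        return hmac.compare_digest(stored, legacy_hash(password))
    if stored.startswith(MODERN_PREFIX):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return False  # unknown scheme: never accept


def needs_upgrade(stored: str) -> bool:
    """True for legacy records and for modern records below the current work factor."""
    if stored.startswith(LEGACY_PREFIX):
        return True
    if stored.startswith(MODERN_PREFIX):
        return int(stored.split("$")[1]) < PBKDF2_ITERATIONS
    return True


def login(stored: str, password: str) -> Tuple[bool, str]:
    """Return (authenticated, record_to_store).

    The plaintext is only available at login, so this is the one moment a weak
    hash can be replaced; records whose owners never log in stay weak, which is
    why a breach notice asking users to change passwords is the real fix.
    """
    if not verify(stored, password):
        return False, stored
    if needs_upgrade(stored):
        return True, modern_hash(password)
    return True, stored


if __name__ == "__main__":
    # Constructed demo: a user whose record still carries the 2011-style hash.
    record = legacy_hash("correct horse battery staple")
    ok, record = login(record, "correct horse battery staple")
    print(ok, record.split("$")[0])  # True pbkdf2_sha256
```

Note that `needs_upgrade` also flags modern records whose stored iteration count has fallen behind `PBKDF2_ITERATIONS`, so the same login path keeps raising the work factor over the years rather than only handling the one-off migration off the legacy digest.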

The security practices at Catch of the Day have significantly improved since 2011, according to the site's general manager, Jason Rudy. In a statement released to ZDNet, he claimed the website's security systems have "undergone continual upgrades to keep in line with industry standards and best practices."

Rudy also apologized to customers, saying "we take data security seriously and have taken strong measures to protect their personal information."

At the time of the breach, Catch of the Day informed local police, banks, and credit card companies of what had occurred. It's unclear exactly why the website took three years to inform their customers that their data had been compromised, but it's bad practice from a company claiming to be Australia's number one online store.


 
"we take data security seriously and have taken strong measures to protect their personal information." You take data security soo seriously you plan to inform them about your failure of a security system after the hackers have used their details! Well done... well done...

Then you take strong measures to protect personal information. I dunno about you, but waiting 3 years before telling them, which means allowing 3 years to pass, aka customers can't find out if they fell victim to credit card fraud, I must say that's the damn strongest measure I have ever heard.

Well done Catch of the Day, you have successfully ruined your reputation for 100% current & future & past customers, gosh your employees and CEO & Owner must be super proud for making sure they get avoided by the whole population of earth!
 
If after 3 years, no one was targeted, why would that change?
For all we know some of them already may have been but, since they weren't alerted by the website, they might not have made the connection to the website. The customers just dealt with it and moved on.
Rudy also apologized to customers, saying "we take data security seriously and have taken strong measures to protect their personal information."
Actions seem to prove otherwise.
 
I don't know of anyone that has used the website since 2011, as their 'deals' have gone severely downhill.

Also, I never got an email. Good to know I'm safe and secure!
 
I buy from them every now and then. They offer great deals every 1 in 100 or so ;)
 
I'm a Catch Of The Day customer and when I heard this I was FURIOUS! Really fricken pissed off. Who takes 3 bloody YEARS to tell their customers that their shopping details have been stolen. I logged straight in and changed my password and looked at the details they had stolen...

...and then I realised I signed up for the site in 2012.

So we've finally reached the stage where someone can sign up for a site, forget when they signed up, get pissed off at the company, and not be affected by the problem.

Catch Of The Day; internet troll? or best internet troll?
 